This repository was archived by the owner on Feb 16, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdocker-compose.traefik.yml
More file actions
176 lines (148 loc) · 6.59 KB
/
docker-compose.traefik.yml
File metadata and controls
176 lines (148 loc) · 6.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
# =============================================================================
# Stirling PDF - Traefik Production Configuration
# =============================================================================
# Usage: docker compose -f docker-compose.traefik.yml up -d
#
# This configuration uses Traefik as reverse proxy with automatic HTTPS
# Access:
# - Stirling PDF: https://${SERVICE_HOSTNAME}
# - API Docs: https://${SERVICE_HOSTNAME}/swagger-ui/index.html
# =============================================================================
services:
# ---------------------------------------------------------------------------
# Stirling PDF Application
# ---------------------------------------------------------------------------
stirling-pdf:
# Option 1: Build custom image with branding (default)
# build:
# context: ./src
# dockerfile: Dockerfile
# args:
# STIRLING_VERSION: ${STIRLING_VERSION:-latest-fat}
# INCLUDE_BRANDING: "true"
# Option 2: Use pre-built custom image from GHCR
image: ghcr.io/bauer-group/cs-pdf-toolbox/pdf-toolbox:latest
restart: unless-stopped
container_name: ${STACK_NAME}_SERVER
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/api/v1/info/status"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
logging:
driver: json-file
options:
max-size: "50m"
max-file: "3"
environment:
- TZ=${TIME_ZONE:-Etc/UTC}
# -- UI Branding (V2) --
# Note: In V2, appName and homeDescription are set via Admin UI or custom_settings.yml
- UI_APPNAMENAVBAR=${UI_APPNAMENAVBAR:-PDF Toolbox [BAUER GROUP]}
- UI_LOGOSTYLE=${UI_LOGOSTYLE:-modern}
# -- System Settings --
- SYSTEM_DEFAULTLOCALE=${SYSTEM_DEFAULT_LOCALE:-en-GB}
- SYSTEM_GOOGLEVISIBILITY=${SYSTEM_GOOGLE_VISIBILITY:-false}
- SYSTEM_SHOWUPDATE=${SYSTEM_SHOW_UPDATE:-false}
- SYSTEM_SHOWUPDATEONLYADMIN=${SYSTEM_SHOW_UPDATE_ONLY_ADMIN:-true}
- SYSTEM_MAXFILESIZE=${SYSTEM_MAX_FILE_SIZE:-2000}
- SYSTEM_ROOTURIPATH=${SYSTEM_ROOT_URI_PATH:-/}
- SYSTEM_CONNECTIONTIMEOUTMINUTES=${SYSTEM_CONNECTION_TIMEOUT_MINUTES:-5}
# -- Language --
- LANGS=${LANGS:-en_GB,de_DE,fr_FR,es_ES,it_IT,pt_BR,zh_CN,ja_JP,ko_KR,ar_AR,bg_BG,ca_CA,cs_CZ,da_DK,el_GR,eu_ES,fa_IR,fi_FI,ga_IE,hi_IN,hr_HR,hu_HU,id_ID,nl_NL,no_NB,pl_PL,pt_PT,ro_RO,ru_RU,sk_SK,sl_SI,sr_LATN_RS,sv_SE,th_TH,tr_TR,uk_UA,vi_VN,zh_TW}
# -- Security Settings --
- SECURITY_ENABLELOGIN=${SECURITY_ENABLE_LOGIN:-true}
- SECURITY_INITIALLOGIN_USERNAME=${SECURITY_INITIAL_LOGIN_USERNAME:-admin}
- SECURITY_INITIALLOGIN_PASSWORD=${SECURITY_INITIAL_LOGIN_PASSWORD:-}
# -- PDF Signing Certificate --
# Server certificate for organization-wide signing
# Note: SYSTEM_SERVERCERTIFICATE_ENABLED is auto-set by entrypoint when KEYSTORE_P12_BASE64 is provided
- SYSTEM_SERVERCERTIFICATE_ORGANIZATIONNAME=${SYSTEM_SERVERCERTIFICATE_ORGANIZATIONNAME:-BAUER GROUP}
- KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
# Base64 encoded P12 (decoded by entrypoint to /configs/keystore.p12)
- KEYSTORE_P12_BASE64=${KEYSTORE_P12_BASE64:-}
# -- Legal Links --
- LEGAL_TERMSANDCONDITIONS=${LEGAL_TERMSANDCONDITIONS:-}
- LEGAL_PRIVACYPOLICY=${LEGAL_PRIVACYPOLICY:-}
- LEGAL_IMPRESSUM=${LEGAL_IMPRESSUM:-}
- LEGAL_ACCESSIBILITYSTATEMENT=${LEGAL_ACCESSIBILITYSTATEMENT:-}
- LEGAL_COOKIEPOLICY=${LEGAL_COOKIEPOLICY:-}
# -- SMTP (Optional) --
- MAIL_ENABLED=${MAIL_ENABLED:-false}
- MAIL_ENABLEINVITES=${MAIL_ENABLEINVITES:-false}
- MAIL_HOST=${MAIL_HOST:-}
- MAIL_PORT=${MAIL_PORT:-587}
- MAIL_USERNAME=${MAIL_USERNAME:-}
- MAIL_PASSWORD=${MAIL_PASSWORD:-}
- MAIL_FROM=${MAIL_FROM:-}
# -- Performance Tuning --
# JVM memory settings for high-performance servers
- JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS:--Xmx8g -Xms2g -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:ParallelGCThreads=8}
expose:
- 8080/tcp
labels:
- "traefik.enable=true"
# HTTP to HTTPS redirect
- "traefik.http.middlewares.${STACK_NAME}-redirect-to-secure.redirectscheme.scheme=https"
- "traefik.http.middlewares.${STACK_NAME}-redirect-to-secure.redirectscheme.permanent=true"
# HTTP Router (redirect to HTTPS)
- "traefik.http.routers.${STACK_NAME}-http.rule=Host(`${SERVICE_HOSTNAME}`)"
- "traefik.http.routers.${STACK_NAME}-http.entrypoints=web"
- "traefik.http.routers.${STACK_NAME}-http.middlewares=${STACK_NAME}-redirect-to-secure"
# HTTPS Router
- "traefik.http.routers.${STACK_NAME}-https.rule=Host(`${SERVICE_HOSTNAME}`)"
- "traefik.http.routers.${STACK_NAME}-https.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}-https.tls=true"
- "traefik.http.routers.${STACK_NAME}-https.tls.certresolver=letsencrypt"
- "traefik.http.routers.${STACK_NAME}-https.service=${STACK_NAME}"
# Service
- "traefik.http.services.${STACK_NAME}.loadBalancer.server.port=8080"
volumes:
# Configuration persistence
- 'stirling-configs:/configs'
# Custom files (branding, static assets, user signatures)
- 'stirling-customFiles:/customFiles'
# Logs
- 'stirling-logs:/logs'
# Pipeline automation (optional)
- 'stirling-pipeline:/pipeline'
# -- PDF Signing Certificate (Alternative: Direct Mount) --
# Use this instead of KEYSTORE_P12_BASE64 for file-based setup:
# - './certs/cert.p12:/configs/keystore.p12:ro'
networks:
local:
proxy:
# =============================================================================
# Volumes
# =============================================================================
volumes:
# Stirling PDF configuration and database
stirling-configs:
driver: local
name: ${STACK_NAME:-pdf}-configs
# Custom files (logos, CSS, signatures)
stirling-customFiles:
driver: local
name: ${STACK_NAME:-pdf}-customFiles
# Application logs
stirling-logs:
driver: local
name: ${STACK_NAME:-pdf}-logs
# Pipeline automation
stirling-pipeline:
driver: local
name: ${STACK_NAME:-pdf}-pipeline
# =============================================================================
# Networks
# =============================================================================
networks:
# Internal network for service communication (IPv4 + IPv6)
local:
driver: bridge
name: ${STACK_NAME:-pdf}
enable_ipv6: true
# External Traefik proxy network
proxy:
name: ${PROXY_NETWORK:-traefik}
external: true